inspec-cloudformation 0.0.1 → 0.0.4

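--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 0bac1eaa6b1118ac6bb8066a77210d81199502aa46c8c6d0a66280f098fd0fca
- data.tar.gz: 93fb485ae89f6c423a3dc815b1acd5a892e8d9849487d5ba562526b0b421cad9
+ metadata.gz: 84d84c23a0a26abdbb5043ef7d209f0ca47021be1d83c4713e68a380f1750937
+ data.tar.gz: bf790958e6ff825b7e88f18137466b88dcbb5acdfe561b1ac9efa7eb5d089bd5
  SHA512:
- metadata.gz: af62285f8c803d4e32303a271469412ecd78f28d6534a1e198d721ab264bf13b8da5130755dd14e54440b9e47bbcc25211e9796930e2a120ddd568d00dc882c0
- data.tar.gz: 2b3692f7fbd654e8de573e58a8708dbbaade5e43658aefad4aeea1bcb0bb5bbab30e6673e0f16c7c53f11e65c519cea3edebbb775a68ef86c764460ff712939b
+ metadata.gz: 3be38104a21d39f805b88a6c1e76e68ec323720bcfcddc7ad8c2559919c878d34d6582deb1268426891d83c92235d13e78758b1a56f99d908edb742aff063443
+ data.tar.gz: b6a097f49229b9c574f7a2c81e4cf540408c2f3e908a4756f86782637214f350170305340fa40a93c6e4bd964348d8e7732b324725d7269a7b7ee07f14cf41d9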
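--- a/data/Gemfile
+++ b/data/Gemfile
@@ -2,10 +2,9 @@ source "https://rubygems.org"
 
  gemspec
 
- # gem "inspec-bin"
  gem 'rake-release'
-
-
+ gem 'gem-release'
+ gem 'rubygems-update'
 
  group :development do
  gem "chefstyle", "2.2.0"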
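Review bot: `gem 'gem-release'` and `gem 'rubygems-update'` are added to the default group with no version constraint, while the `chefstyle` entry just below them is pinned to an exact version. Both are release-time tools (one publishes the gem, the other replaces RubyGems itself), so whatever version resolves on the release machine takes part in building and pushing the package; no lockfile is visible in this package diff to fix that resolution. Consider keeping them out of the default group and constraining them, e.g. `gem 'gem-release', '<PINNED_VERSION>', group: :release`, and likewise for `rubygems-update`. The `group :development do` block continues outside the hunk.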
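--- a/data/README.md
+++ b/data/README.md
@@ -1 +1,10 @@
  # inspec-cloudformation
+
+
+ ## Release Process
+
+ - make your changes
+ - `git ca`
+ - `gem tag`
+ - `gem release`
+ - `gem bump`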
@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
14
14
  spec.name = "inspec-cloudformation"
15
15
 
16
16
  # It is polite to namespace your plugin under InspecPlugins::YourPluginInCamelCase
17
- spec.version = InspecPlugins::Vault::VERSION
17
+ spec.version = InspecPlugins::CloudFormation::VERSION
18
18
  spec.authors = ["Andy Boutte"]
19
19
  spec.email = ["andyboutte@gmail.com"]
20
20
  spec.summary = "Use CloudFormation Outputs in your InSpec profiles"
@@ -1,28 +1,16 @@
1
1
  require 'aws-sdk-cloudformation'
2
2
 
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
3
  # See https://github.com/inspec/inspec/blob/master/docs/dev/plugins.md#implementing-input-plugins
13
4
 
14
- module InspecPlugins::Vault
5
+ module InspecPlugins::CloudFormation
15
6
  class Input < Inspec.plugin(2, :input)
16
7
 
17
- VALID_PATTERNS = [
18
- Regexp.new("^databag://[^/]+/[^/]+/.+$"),
19
- Regexp.new("^node://[^/]*/attributes/.+$"),
20
- ].freeze
8
+ # VALID_PATTERNS = [
9
+ # Regexp.new("^databag://[^/]+/[^/]+/.+$"),
10
+ # Regexp.new("^node://[^/]*/attributes/.+$"),
11
+ # ].freeze
21
12
 
22
13
  attr_reader :plugin_conf
23
- # attr_reader :mount_point
24
- # attr_reader :path_prefix
25
- # attr_reader :vault
26
14
  attr_reader :priority
27
15
  attr_reader :input_name
28
16
  attr_reader :logger
@@ -39,10 +27,7 @@ module InspecPlugins::Vault
39
27
  # We need priority to be numeric; even though env vars or JSON may present it as string - hence the to_i
40
28
  @priority = fetch_plugin_setting("priority", 60).to_i
41
29
 
42
- # @vault = Vault::Client.new(
43
- # address: fetch_vault_setting("vault_addr"),
44
- # token: fetch_vault_setting("vault_token")
45
- # )
30
+
46
31
  end
47
32
 
48
33
  # What priority should an input value recieve from us?
@@ -52,33 +37,20 @@ module InspecPlugins::Vault
52
37
  def default_priority
53
38
  priority
54
39
  end
55
-
56
- # returns Array of input names as strings
57
- # def list_inputs(profile_name)
58
- # vault.with_retries(Vault::HTTPConnectionError) do
59
- # path = logical_path_for_profile(profile_name)
60
- # doc = vault.logical.read(path)
61
- # return [] unless doc
62
-
63
- # return doc.data[:data].keys.map(&:to_s)
64
- # end
65
- # end
66
-
67
- # Fetch a value of a single input from Vault
68
40
 
69
41
  def fetch(profile_name, input_name)
42
+ # skip any input name that is an invalid cloudformation stack name to keep things quick...no need to make the AWS API call.
70
43
  return nil if input_name.include?('_')
71
-
72
-
73
- cf = Aws::CloudFormation::Client.new
44
+ return nil unless input_name.include?('/')
74
45
 
75
46
  # input format will be "cloudformation stack name / output name"
76
-
77
47
  stack_name = input_name.split('/').first
78
48
  output_name = input_name.split('/').last
79
49
 
80
- logger.info format("The stack name is %s", stack_name)
81
- logger.info format("The output name is %s", output_name)
50
+ logger.debug format("The stack name is %s", stack_name)
51
+ logger.debug format("The output name is %s", output_name)
52
+
53
+ cf = Aws::CloudFormation::Client.new
82
54
 
83
55
  name = { stack_name: stack_name }
84
56
  resp = cf.describe_stacks(name)
@@ -88,69 +60,21 @@ module InspecPlugins::Vault
88
60
  next unless output['output_key'] == output_name
89
61
  return output['output_value']
90
62
  end
91
-
92
- # stacks.each do |stack|
93
- # next if input(stack).nil? # If HRA addon was skipped we expect the input to be skipped also
94
-
95
- # end
96
-
97
-
98
-
99
- # @input_name = input_name
100
63
 
101
- # path = logical_path_for_profile(profile_name)
102
- # item = input_name
103
-
104
- # if absolute_path?
105
- # _empty, *path, item = input_name.split("/")
106
- # path = logical_path path.join("/")
107
- # end
108
-
109
- # logger.info format("Reading Vault secret from %s", path)
110
- # vault.with_retries(Vault::HTTPConnectionError) do
111
- # doc = vault.logical.read(path)
112
- # # Keys from vault are always symbolized
113
- # return doc.data[:data][item.to_sym] if doc
114
- # end
64
+ # if no CloudFormation output found
65
+ return nil
115
66
  end
116
67
 
117
68
  private
118
69
 
119
- # # Assumption for profile based lookups: inputs have been stored on documents named
120
- # # for their profiles, and each input has a key-value pair in the document.
121
- # def logical_path_for_profile(profile_name)
122
- # logical_path(profile_name)
70
+ # def valid_plugin_input?(input)
71
+ # VALID_PATTERNS.any? { |regex| regex.match? input }
123
72
  # end
124
73
 
125
- # def logical_path(relative_path)
126
- # # When you actually read a value, on the KV2 backend you must
127
- # # read secret/data/path, not secret/path (as on the CLI)
128
- # # https://www.vaultproject.io/api/secret/kv/kv-v2.html#read-secret-version
129
- # # Is this true for all backends?
130
- # "#{mount_point}/data/#{prefix}#{relative_path}"
74
+ # def fetch_plugin_setting(setting_name, default = nil)
75
+ # env_var_name = "INSPEC_CLOUDFORMATION_#{setting_name.upcase}"
76
+ # ENV[env_var_name] || plugin_conf[setting_name] || default
131
77
  # end
132
78
 
133
- # def prefix
134
- # return "#{path_prefix}/" unless absolute_path?
135
-
136
- # ""
137
- # end
138
-
139
- # def absolute_path?
140
- # input_name.start_with?("/")
141
- # end
142
-
143
- def valid_plugin_input?(input)
144
- VALID_PATTERNS.any? { |regex| regex.match? input }
145
- end
146
-
147
- def fetch_plugin_setting(setting_name, default = nil)
148
- env_var_name = "INSPEC_CLOUDFORMATION_#{setting_name.upcase}"
149
- ENV[env_var_name] || plugin_conf[setting_name] || default
150
- end
151
-
152
- # def fetch_vault_setting(setting_name)
153
- # ENV[setting_name.upcase] || plugin_conf[setting_name]
154
- # end
155
79
  end
156
80
  end
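Review bot: `initialize` still calls `fetch_plugin_setting("priority", 60).to_i` (new line 28), but the last hunk turns the only visible definition of that helper into a comment, so unless the `Inspec.plugin(2, :input)` base class supplies one, constructing the plugin raises NoMethodError. Restore the live `def fetch_plugin_setting(setting_name, default = nil)` under `private`, and delete the commented-out `VALID_PATTERNS` / `valid_plugin_input?` remnants instead of carrying them forward. In `fetch`, the two `include?` guards do not actually validate a stack name, so any input name that contains `/` and no `_` reaches `describe_stacks` with the ambient AWS credentials, and `a/b/c` is silently read as stack `a`, output `c`. A single anchored check such as `return nil unless input_name.match?(%r{\A[A-Za-z][A-Za-z0-9-]*/[^/]+\z})` would state the intended format. The `describe_stacks` call is also not rescued in the visible lines, so a name that is well-formed but not an existing stack presumably surfaces as an SDK error rather than the `nil` the trailing comment promises.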
@@ -9,15 +9,15 @@
9
9
  # Presumably this is light
10
10
  require "inspec-cloudformation/version"
11
11
  module InspecPlugins
12
- module Vault
12
+ module CloudFormation
13
13
  class Plugin < ::Inspec.plugin(2)
14
14
  # Internal machine name of the plugin. InSpec will use this in errors, etc.
15
15
  plugin_name :'inspec-cloudformation'
16
16
 
17
17
  # Define an Input plugin type.
18
- input :vault do
18
+ input :cloudformation do
19
19
  require_relative "input"
20
- InspecPlugins::Vault::Input
20
+ InspecPlugins::CloudFormation::Input
21
21
  end
22
22
 
23
23
  end
@@ -2,7 +2,7 @@
2
2
  # the version stamp, and provide a clean way for the gemspec
3
3
  # to learn the current version.
4
4
  module InspecPlugins
5
- module Vault
6
- VERSION = "0.0.1".freeze
5
+ module CloudFormation
6
+ VERSION = "0.0.4".freeze
7
7
  end
8
8
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec-cloudformation
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andy Boutte
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-01 00:00:00.000000000 Z
11
+ date: 2022-07-05 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: This plugin allows InSpec 'inputs' to be provided by CloudFormation Outputs.
14
14
  email: